Ruby is an interpreted scripting language for object-oriented programming.

A flaw was discovered in the way Ruby's CGI module handles certain HTTP requests. If a remote attacker sends a specially crafted request, it is possible to cause the Ruby CGI script to enter an infinite loop, possibly causing a denial of service. (CVE-2006-6303)

An SSL certificate validation flaw was discovered in several Ruby Net modules. The libraries were not checking the requested host name against the common name (CN) in the SSL server certificate, possibly allowing a man in the middle attack. (CVE-2007-5162, CVE-2007-5770)
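The missing check, shown as an added example that is not part of the advisory or of the Ruby patches: a client that validates the certificate but never compares it with the requested host accepts a certificate issued for a different name. The helper names, the `example.test` host names and the in-memory self-signed certificate are constructed for illustration.

```ruby
require "openssl"

# Constructed sample: a self-signed certificate for the given CN, built in memory.
def constructed_cert(common_name)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{common_name}")
  cert.issuer = cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  cert
end

# Behaviour the advisory describes: the certificate is validated against the
# trust store, but its name is never compared with the requested host.
def accepts_without_host_check?(store, cert)
  store.verify(cert)
end

# Corrected behaviour: the certificate must also identify the requested host.
# verify_certificate_identity checks subjectAltName DNS entries first and
# falls back to the subject CN when none are present.
def accepts_with_host_check?(store, cert, requested_host)
  store.verify(cert) &&
    OpenSSL::SSL.verify_certificate_identity(cert, requested_host)
end

# Present the same certificate for two requested hosts (both constructed).
def demo
  cert = constructed_cert("www.example.test")
  store = OpenSSL::X509::Store.new
  store.add_cert(cert) # trust anchor for this demo only
  ["www.example.test", "bank.example.test"].map do |host|
    [host, accepts_without_host_check?(store, cert),
     accepts_with_host_check?(store, cert, host)]
  end
end

demo.each do |host, weak, strict|
  puts "#{host}: without host check=#{weak} with host check=#{strict}"
end
```

On a live connection the same comparison is done by `OpenSSL::SSL::SSLSocket#post_connection_check(hostname)`, which raises `OpenSSL::SSL::SSLError` on a mismatch.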

Users of Ruby should upgrade to these updated packages, which contain backported patches to resolve these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188